coassemble
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal NPM package. This is an official tool provided by the vendor for platform integration.\n- [COMMAND_EXECUTION]: The skill uses themembraneCLI to interact with the Coassemble API. This approach centralizes security and authentication management within the vendor's infrastructure.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes data from the Coassemble API (ingestion points in list-courses, list-students). Capability inventory includes executing actions and requests. While explicit boundary markers and sanitization are not detailed in the prompt instructions, the skill promotes the use of pre-built actions which provide managed interaction layers, and it follows best practices by avoiding local secret storage.
Audit Metadata